
Fake porn, fake watches and hacking your wallet

November 3rd, 2009

Fake porn sites (real Trojan Horses), fake watches (real scams), password cracking (wallet cracking): Welcome to the world of online crime!

All these sites were taken from the same IP address, namely 210.51.187.{sanitized}. I’m going to show you a wide portfolio of online threats and scams.

To start off, a fake porn site called Pornotube pushes some malicious files onto your computer. There is the nice way (an EXE file) or the hard way (a malicious PDF).

[Image: 1]

[Image: 2]

The files are detected by most AV products:

http://www.virustotal.com/analisis/2b6cc5d84db7dd946ee8358ec2bf40435755ef9895e10c4fe13b513f8f8a255e-1257269784

http://www.virustotal.com/analisis/4d0fe75335c352ef7bb544e6b1eea9d1dd2d083a260292275be75580ce98efca-1257224665

Oh, and there’s the cousin website as well, with another PDF exploit ‘in-your-face’.  Those sites are nasty looking, but that’s another story.

[Image: 3]

Now, on to the fake watches. What better way than putting a bit of a Swiss flag in there too… Yes, the Swiss are known for their quality products, and watches in particular. The first time I flew to Geneva, I was amazed by just how many ads and posters of watches were all throughout the airport. If you take a walk near Lake Geneva (le Leman), you will see many old buildings with big signs on them, such as Omega, TAG Heuer etc. I stopped in front of a Cartier store to look at some of the watches, of course none of them had price tags on ;-)
You may get the feeling that I like watches hehe… I have a nice (although modest) Swiss Military watch.

Back to our story, here is a “replica” site… I personally would call it a “counterfeit” store, but it wouldn’t sound as nice, would it? They offer “Free shipping worldwide”, how convenient! I really hate counterfeit stuff. Recently I read an article about that industry in China and it really is an out of control problem.

[Image: 4]

Finally, a page designed for those who want to hack the Russian version of Facebook (vkontakte.ru):

[Image: 5]

I had Google translate the Russian text for me:

[Image: 6]

Payment can be made through one of these institutions:

[Image: 8]

Anything else for you today?

Please note that ICQ hacks are on the ‘winter sale’:

[Image: icq2]

[Image: icq]

Don’t forget to use the:

[Image: icq3]

;-)

Jerome Segura

Warning: all links contained in this post may be dangerous!

This entry was posted on Tuesday, November 3rd, 2009 at 10:50 am and is filed under Malware Trends.

Jerome Segura is a Security Analyst working at ParetoLogic.

© 2009 ParetoLogic Inc.